What caused the Figure data breach?

No exploits—just exposed records from misconfigs, ripe for grabbing.

Does MFA stop credential stuffing from breaches like Figure's?

Not fully. AiTM relays and fatigue bypass most setups.

How to protect against email list attacks?

Go passwordless, use phishing-resistant MFA like FIDO2, monitor for anomalies. And yeah, it'll take vigilance. But in this AI-fueled arms race, we're building moats that learn, adapt, thrill.

🔓 Data Breaches

Figure Breach: When 967K Emails Turn MFA into a Speed Bump

Picture this: hackers snag nearly a million emails from Figure, no exploits needed. Suddenly, your MFA push feels like a polite 'please wait' sign on a wide-open door.

theAIcatchup Apr 09, 2026 3 min read

Digital vault door ajar with email icons spilling out, MFA lock bypassed

⚡ Key Takeaways

Figure's 967K email leak fuels credential stuffing, phishing, and social engineering with 2-3% instant success rates. 𝕏
Legacy MFA falls to real-time relays and fatigue—it's authenticating signals, not users. 𝕏
Future-proof with passwordless biometrics; AI attacks demand AI defenses for true identity assurance. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AiTM attacks #Figure breach #MFA bypass #credential stuffing

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Storm-2755's Payroll Pirates: Hijacking Canadian Paychecks via Session Theft

Starkiller: The Proxy That Turns Real Logins into Criminal Goldmines

Russian Military's SOHO Router Hack Turns Home Networks into Spy Hubs

AI's Dark Turn: How Hackers Made It Their Ultimate Cyber Weapon

Stay in the loop